The Time Constraint Check in makePrediction() Allows Betting at Thu Aug 15 2024 20:00:00 GMT+0000
Summary
The makePrediction() function allows players to place bets on a specific game. According to the protocol's documentation, predictions can be made by any approved player until 19:00:00 UTC on the day of the match, which starts at 20:00:00 UTC. However, the current implementation makePrediction() permits players to place bets even after 19:00:00 UTC, violating the protocol's rules and undermining the game's integrity.
Vulnerability Details
According to the documentation, players are expected to place their bets on or before 19:00:00 UTC. However, due to an issue with the if statement check in makePrediction(), players are currently able to place bets after 19:00:00 UTC. This violates the protocol's rules and compromises the integrity of the game.
POC
Impact
The ability to place bets after the cutoff time contradicts the documented rules, leading to inconsistencies and potential disputes.
Players and stakeholders may lose trust in the system if it doesn't adhere to its stated rules, potentially damaging the reputation of the protocol.
Allowing late bets undermines the fairness of the game, as players might exploit this loophole to make predictions based on last-minute information.
Tools Used
Manual
Recommendations
-- if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)
++ if (
block.timestamp <= (START_TIME + matchNumber * 68400 - 68400) - 3600
)
Lead Judging Commences
Match timestamps are incorrect
In both contracts there is a similar error in the computation of the timestamps of the matches.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.